Your DORA questions answered – Business resilience more broadly
This fifth of a series of articles covering a practical session organised by Ashurst focuses on business resilience questions connected to DORA.
DORA Article 30(2)-(3) outlines the minimum elements that must be included in any contractual arrangements on the use of ICT services:
The policy needs to specify that the contractual arrangements must include:
The final responsibility for inspection, audit and testing rests with the financial entity who can employ the following in order to carry these out:
The financial entity cannot only rely on third party certification or reports supplied by the ICT third-party service provider and these can only be used if the financial entity:
Any material changes to these arrangements must be:
By all parties
Your DORA questions answered – Business resilience more broadly
This fifth of a series of articles covering a practical session organised by Ashurst focuses on business resilience questions connected to DORA.
Thomas Hyrkiel3 min read
Your DORA questions answered – CIFs
This third of a series of six articles covering a practical session organised by Ashurst focuses on critical or important functions.
Thomas Hyrkiel4 min read
Your DORA questions answered – Extraterritoriality and interaction with existing rules
This last of a series of six articles covering a practical session organised by Ashurst focuses on how DORA will interact with existing rules as well as its extraterritorial effects.
Thomas Hyrkiel3 min read
Technology
Your DORA questions answered – Business resilience more broadly
Technology
Your DORA questions answered – CIFs
Technology
Your DORA questions answered – Extraterritoriality and interaction with existing rules
The ECB has given eurozone banks until October 31, 2026, to submit plans on how they will strengthen governance and resilience against growing AI-enabled cyberthreats.
Vasilka Lalevska 3 min read
This article examines the key challenges firms have encountered in their DORA compliance journeys and explores some of the practical solutions.
Nathaniel Lalone | Katten Ciara Watson | Katten 16 min read
Joint ESA report also highlights the role of third parties as incident originators and warns about impending risk from AI.
Thomas Hyrkiel 2 min read
Charles Herbert and James Clark discuss the potential for regulatory alignment across two areas of importance – digital law, and financial services regulation.
As regulators move from trialling AI to active oversight, firms face pressure to build governance structures to withstand scrutiny across multiple jurisdictions.
Vlada Gurvich 37 min listen
Norway’s financial infrastructure remains resilient, but rising cyber threats, third-party dependencies, and operational risks are rapidly changing the landscape.
Vasilka Lalevska 4 min read
Joint Committee report underlines cyber risks, ESG data, and consumer protection as core compliance priorities.
Vasilka Lalevska 1 min read
While the digital omnibuses simplify rules, the Commission's Digital Fitness Check assesses the coherence of the EU digital rulebook.
Vasilka Lalevska 3 min read
Further Reading